net: allow TCP only DNS requests in the pure Go resolver on unix

src/net/conf.go

@@ -22,6 +22,9 @@ type conf struct {
 	netGo  bool // go DNS resolution forced
 	netCgo bool // cgo DNS resolution forced
 
+	// use TCP for netGo DNS queries
+	preferTCP bool
+
 	// machine has an /etc/mdns.allow file
 	hasMDNSAllow bool
 
@@ -44,10 +47,11 @@ func systemConf() *conf {
 }
 
 func initConfVal() {
-	dnsMode, debugLevel := goDebugNetDNS()
+	dnsMode, debugLevel, preferTCP := goDebugNetDNS()
 	confVal.dnsDebugLevel = debugLevel
 	confVal.netGo = netGo || dnsMode == "go"
 	confVal.netCgo = netCgo || dnsMode == "cgo"
+	confVal.preferTCP = preferTCP
 
 	if confVal.dnsDebugLevel > 0 {
 		defer func() {
@@ -286,18 +290,22 @@ func (c *conf) hostLookupOrder(r *Resolver, hostname string) (ret hostLookupOrde
 //    2       // debug level 2
 //    cgo     // use cgo for DNS lookups
 //    go      // use go for DNS lookups
+//    tcp     // use TCP for DNS lookups (go resolver only)
 //    cgo+1   // use cgo for DNS lookups + debug level 1
 //    1+cgo   // same
 //    cgo+2   // same, but debug level 2
+//    go+tcp  // use go and TCP
 // etc.
-func goDebugNetDNS() (dnsMode string, debugLevel int) {
+func goDebugNetDNS() (dnsMode string, debugLevel int, preferTCP bool) {
 	goDebug := goDebugString("netdns")
 	parsePart := func(s string) {
 		if s == "" {
 			return
 		}
 		if '0' <= s[0] && s[0] <= '9' {
 			debugLevel, _, _ = dtoi(s)
+		} else if s == "tcp" {
+			preferTCP = true
 		} else {
 			dnsMode = s
 		}

src/net/dnsclient_unix.go

@@ -137,7 +137,13 @@ func (r *Resolver) exchange(ctx context.Context, server string, q dnsmessage.Que
 	if err != nil {
 		return dnsmessage.Parser{}, dnsmessage.Header{}, errCannotMarshalDNSMessage
 	}
-	for _, network := range []string{"udp", "tcp"} {
+	var networks []string
+	if r.PreferTCP || systemConf().preferTCP {
+		networks = []string{"tcp"}
+	} else {
+		networks = []string{"udp", "tcp"}
+	}
+	for _, network := range networks {
 		ctx, cancel := context.WithDeadline(ctx, time.Now().Add(timeout))
 		defer cancel()
 

src/net/dnsclient_unix_test.go

@@ -1621,3 +1621,30 @@ func TestTXTRecordTwoStrings(t *testing.T) {
 		t.Errorf("txt[1], got %q, want %q", txt[1], want)
 	}
 }
+
+// Issue 29358. Add configuration knob to force TCP-only DNS requests in the pure Go resolver.
+func TestPreferTCP(t *testing.T) {
+	fake := fakeDNSServer{
+		rh: func(n, _ string, q dnsmessage.Message, _ time.Time) (dnsmessage.Message, error) {
+			r := dnsmessage.Message{
+				Header: dnsmessage.Header{
+					ID:       q.Header.ID,
+					Response: true,
+					RCode:    dnsmessage.RCodeSuccess,
+				},
+				Questions: q.Questions,
+			}
+			if n == "udp" {
+				t.Fatal("udp protocol was used instead of tcp")
+			}
+			return r, nil
+		},
+	}
+	r := Resolver{PreferGo: true, PreferTCP: true, Dial: fake.DialContext}
+	ctx, cancel := context.WithCancel(context.Background())
+	defer cancel()
+	_, _, err := r.exchange(ctx, "0.0.0.0", mustQuestion("com.", dnsmessage.TypeALL, dnsmessage.ClassINET), time.Second)
+	if err != nil {
+		t.Fatal("exchange failed:", err)
+	}
+}

src/net/lookup.go

@@ -123,6 +123,11 @@ type Resolver struct {
 	// GODEBUG=netdns=go, but scoped to just this resolver.
 	PreferGo bool
 
+	// PreferTCP controls whether Go's built-in DNS resolver will use
+	// TCP instead of UDP with a fallback to TCP. It is equivalent to setting
+	// GODEBUG=netdns=go+tcp, but scoped to just this resolver.
+	PreferTCP bool
+
 	// StrictErrors controls the behavior of temporary errors
 	// (including timeout, socket errors, and SERVFAIL) when using
 	// Go's built-in resolver. For a query composed of multiple

src/net/net.go

@@ -66,6 +66,9 @@ GODEBUG environment variable (see package runtime) to go or cgo, as in:
 The decision can also be forced while building the Go source tree
 by setting the netgo or netcgo build tag.
 
+The pure Go resolver can be configured to use only TCP to communicate
+by using the tcp option, as in GODEBUG=netdns=go,tcp.
+
 A numeric netdns setting, as in GODEBUG=netdns=1, causes the resolver
 to print debugging information about its decisions.
 To force a particular resolver while also printing debugging information,